STIGQter: STIG Summary: Microsoft IIS 8.5 Site Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.

DISA Rule

SV-214449r508659_rule

Vulnerability Number

V-214449

Group Title

SRG-APP-000092-WSR-000055

Rule Version

IISW-SI-000206

Severity

CAT II

CCI(s)

• CCI-000139 - The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure.
• CCI-001464 - The information system initiates session audits at system start-up.

Weight

10

Fix Recommendation

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name.

Click the "Logging" icon.

Under Log Event Destination, select the "Both log file and ETW event" radio button.

Select "Apply" from the "Actions" pane.

Check Contents

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Vulnerability Number

V-214449

Documentable

False

Rule Version

IISW-SI-000206

Severity Override Guidance

Follow the procedures below for each site hosted on the IIS 8.5 web server:

Open the IIS 8.5 Manager.

Click the site name.

Click the "Logging" icon.

Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.

If the "Both log file and ETW event" radio button is not selected, this is a finding.

Check Content Reference

M

Target Key

4001

Comments